师资队伍
bob777@sjtu.edu.cn 闵行区东川路800号软件大楼5209 个人主页

陈力波

高级工程师

毕业于清华大学网络与信息安全实验室(NISL),是CTF战队“蓝莲花”初创成员,获Defcon CTF 2012全球资格赛排名19。研究方向为软件与系统安全、漏洞挖掘和利用,近年在IoTAI、区块链等领域开展前沿安全技术研究,取得了多项国际前沿的安全研究成果,发表在多个国际顶级会议(如IEEE S&PUSENIX SecurityACM CCSIJCAI等),得到国内外知名厂商致谢(如中国移动、D-LinkNetgearTP-Link等)及上百个CVECNVD漏洞编号,并多次在知名漏洞破解大赛上获奖,包括CNCERT 2018智能破解挑战赛优胜奖、“天府杯”2018 设备破赛优胜奖、“天府杯”2019最佳原创漏洞复现奖、2020年极棒漏洞挑战赛的破解成功奖和最具人气奖等。此外,积极服务国家与社会的信息安全需求,入选了国家广电总局首批网络安全专家,长期参与白帽社区,编写了《Metasploit渗透测试魔鬼训练营》、《Python黑帽子:黑客与渗透测试编程之道》、《Web安全之逻辑漏洞检测入门》等多部安全领域畅销书籍。

  • 研究兴趣
  • 教育背景
  • 工作经验
  • 教授课程
  • 论文发表
  • 项目资助
  • 获奖信息
  • 学术服务
软件与系统安全,物联网安全,区块链安全,人工智能安全

物联网安全与漏洞挖掘利用、漏洞挖掘与分析、工科创II--CTF和漏洞挖掘实战

1GeeSolver: A Generic, Efficient, and Effortless Solver with Self-Supervised Learning for Breaking Text Captchas. (To appear)

R. Zhao, X. Deng, Y. Wang, Z. Yan, Z. Han, L. Chen, Z. Xue, and Y. Wang.

IEEE Symposium on Security and Privacy (IEEE S&P 2023).

 

2SFuzz: Slice-based Fuzzing for Real-Time Operating Systems.

Libo Chen, Quanpu Cai, Zhenbang Ma, Yanhao Wang, Hong Hu, Minghang Shen, Yue Liu, Shanqing Guo, Haixin Duan, Kaida Jiang, and Zhi Xue.

In Proceedings of the 29th ACM Conference on Computer and Communications Security (ACM CCS 2022).

 

33E-Solver: An Effortless, Easy-to-Update, and End-to-End Solver with Semi-Supervised Learning for Breaking Text-Based Captchas.

Xianwen Deng, Ruijie Zhao, Yanhao Wang, Libo Chen, Yijun Wang, and Zhi Xue.

In Proceedings of the 31st International Joint Conference on Artificial Intelligence (IJCAI 2022).

 

4SEAF: A Scalable, Efficient, and Application-independent Framework for container security detection.

Libo Chen, Yihang Xia, Zhenbang Ma, Ruijie Zhao, Yanhao Wang, Yue Liu, Wenqi Sun, Zhi Xue.

Journal of Information Security and Applications, Volume 71, 2022, 103351, ISSN 2214-2126, doi: 10.1016/j.jisa.2022.103351.

 

5Flow Sequence-Based Anonymity Network Traffic Identification with Residual Graph Convolutional Networks.

Ruijie Zhao, Xianwen Deng, Yanhao Wang, Libo Chen, Ming Liu, Zhi Xue, and Yijun Wang.

In Proceedings of the 30th IEEE/ACM International Symposium on Quality of Service (IWQoS 2022).

 

6Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems.

Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, and Zhi Xue.

In Proceedings of the 30th USENIX Security Symposium (USENIX Security 2021).

 

7Online Intrusion Detection for IoT Systems with Full Bayesian Possibilistic Clustering and Ensembled Fuzzy Classifiers.

Fangqi Li, Ruijie Zhao, Shilin WANG, Libo Chen, Alan Wee-Chung Liew, Weiping Ding.

IEEE Transactions on Fuzzy Systems, Early Access, doi: 10.1109/TFUZZ.2022.3165390.

 

8A Semi-Supervised Deep Learning-Based Solver for Breaking Text-Based CAPTCHAs.

Xianwen Deng, Ruijie Zhao, Zhi Xue, Ming Liu, Libo Chen, and Yijun Wang.

In Proceedings of IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2022).

 

9基于混合分析的Java反序列化利用链挖掘方法.

武永兴, 陈力波*, 姜开达.

网络与信息安全学报, 2022, 8(2): 160-174.

 

10针对5G核心网协议的自动化漏洞挖掘方法.

吴佩翔, 张志龙, 陈力波*, 王轶骏, 薛质.

网络与信息安全学报, 2023.

 

11基于依赖关系的容器供应链脆弱性检测方法.

夏懿航, 张志龙, 王木子, 陈力波*.

信息网络安全, 2023,23(02): 76-84.




1、上海市“科技创新行动计划”高新技术领域项目--工业环境下5G安全攻防关键技术研究

2、教育部产学合作协同育人项目--教学内容和课程体系改革

3、公安部重点实验室开放课题针对泛在互联终端的脆弱性自动化挖掘

友情链接:

上海交通大学电子信息与电气工程学院 上海交通大学
Copyright © 2017 - 2019 上海交通大学网络空间安全学院 沪ICP备05052060号